Python websocket Implementation scan QR code login---Goeasy

Recently doing a scan code login function, for this I also searched the internet about the implementation of the scan login. When this function was completed, I decided to organize the whole realization, so that I can see it later and also facilitate other programs with similar requirements.
To implement a scan login we need to address two issues:
1. How do I resolve a privilege security issue without entering a username and password? In other words, how to let the server know the QR code of the client is a legitimate user?
2. How can the server respond to the Web page in real time based on the user's choice of client?

First of all, we first understand the implementation of the idea, to facilitate our understanding of the way to solve this problem. Login QR code is actually to convert a URL into a two-dimensional code form, and through the client scan code, nothing is open this URL, I captured the QR code URL is https://login.weixin.qq.com/l/YdmTu30I5A==, The ydmtu30i5a== in this URL represents the unique ID of this session, which is somewhat similar to the browser's session ID, which can be directed to feed the confirmation result back to the page. Using the QR Code login function requires two prerequisites: one is to install the app on the client. Second, users need to login to the app. https://wx.qq.com/

Python WebSocket Message Push

Why do we have these two conditions? That is because when you confirm that you are allowed to log in to the Web version, you need to extract the current app's login information and the above session ID to the server, so that the server received the login information and SessionID can confirm two things: one is to confirm that the user logged on the client is authenticated The second is to know which Web page the feedback results are pushed to by the session ID server.

So for the 1th, our key is to ensure that the user is a verified and legitimate user before the scan (the authentication method can be a user name + password, or a secure key), when you choose whether to log in and push this result to the server side, just fine. If the user does not verify the legality, you can just like the way to tell the user the QR code is not recognized or prompt to login to the app first.

With authentication, now solve the second problem, how to display the feedback results in real time on the Web page? A friend may say, the client side is very simple to send a request to the background, and the Web page with Ajax timed to the server to see if there is feedback. I'm not in favor of this approach because Ajax polling is a very expensive way to consume both client and server-side resources! Here is another technology-web real-time push technology, using push technology can save the server and client resources, can steadily push and receive any message. I am in the process of implementation of the third-party push service-goeasy push, with it is very easy to achieve, the other features of our project also used in the Goeasy Web real-time push service, so I directly use the goeasy push to push the login feedback results to the server. My implementation step is very simple, the transmitted session ID as the client and the Web side of the communication channel, the web-side subscription with session ID as a worthwhile channel, the client will verify the results and session ID sent to the server side, The server side can actively push the results to the web version via this channel! If the client also needs to do the corresponding feedback, then the client only need to subscribe to the channel, and then the server side will also push the results to the Web page and the client, after receiving the message, you can according to the requirements in the Goeasy callback function to do what you want to do. About the use of Goeasy push, you can refer to this blog: http://www.cnblogs.com/jishaochengduo/articles/5552645.html, In addition Goeasy push official online also has a demo:goeasy QR Code scan Code login demo, we can go to see the effect.

